Filtered by vendor Canonical
Subscribe
Total
4021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12207 | 8 Canonical, Debian, F5 and 5 more | 1533 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1530 more | 2022-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | |||||
| CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2022-11-09 | N/A | 9.8 CRITICAL |
| Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | |||||
| CVE-2020-10029 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2022-11-09 | 2.1 LOW | 5.5 MEDIUM |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | |||||
| CVE-2019-19947 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2022-11-09 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | |||||
| CVE-2019-18218 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-11-09 | 6.8 MEDIUM | 7.8 HIGH |
| cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | |||||
| CVE-2022-0319 | 4 Apple, Canonical, Debian and 1 more | 4 Macos, Ubuntu Linux, Debian Linux and 1 more | 2022-11-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Out-of-bounds Read in vim/vim prior to 8.2. | |||||
| CVE-2014-9709 | 5 Canonical, Debian, Libgd and 2 more | 5 Ubuntu Linux, Debian Linux, Libgd and 2 more | 2022-11-08 | 5.0 MEDIUM | N/A |
| The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | |||||
| CVE-2020-1730 | 6 Canonical, Fedoraproject, Libssh and 3 more | 6 Ubuntu Linux, Fedora, Libssh and 3 more | 2022-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. | |||||
| CVE-2020-14346 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-08 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2018-3282 | 6 Canonical, Debian, Mariadb and 3 more | 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more | 2022-11-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-6706 | 2 Canonical, Lua | 2 Ubuntu Linux, Lua | 2022-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. | |||||
| CVE-2020-10936 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-11-07 | 7.2 HIGH | 7.8 HIGH |
| Sympa before 6.2.56 allows privilege escalation. | |||||
| CVE-2020-12862 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 3.3 LOW | 4.3 MEDIUM |
| An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | |||||
| CVE-2020-12863 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 3.3 LOW | 4.3 MEDIUM |
| An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. | |||||
| CVE-2020-12865 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 5.2 MEDIUM | 8.0 HIGH |
| A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | |||||
| CVE-2019-19054 | 6 Broadcom, Canonical, Fedoraproject and 3 more | 19 Brocade Fabric Operating System Firmware, Ubuntu Linux, Fedora and 16 more | 2022-11-07 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. | |||||
| CVE-2019-19126 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-11-07 | 2.1 LOW | 3.3 LOW |
| On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. | |||||
| CVE-2019-14855 | 3 Canonical, Fedoraproject, Gnupg | 3 Ubuntu Linux, Fedora, Gnupg | 2022-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | |||||
| CVE-2020-14378 | 3 Canonical, Dpdk, Opensuse | 3 Ubuntu Linux, Data Plane Development Kit, Leap | 2022-11-07 | 2.1 LOW | 3.3 LOW |
| An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. | |||||
| CVE-2019-10149 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2022-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |||||